DotNet 2 - Applications security

 
 
bruttogatto@gmail.com
Guest
Posts: n/a
 
      08-30-2007
Hi all

I hope somebody can help me

In a shared environment, I need to use 2 different application pools
with different security levels, here the example:

Application pool 1: Environment for customers has to be restricted in
some rights (I have already a trust level just configured)
Application pool 2: Environment for a private WebService used to
administer the server, this has to be "full trust"

My Global web.config is like this:


<location path="Utilities" allowOverride="true">
<system.web>
<identity impersonate="true" />
<trust level="Full" originUrl="" />
</system.web>
</location>

<location allowOverride="false">
<system.web>
<identity impersonate="true"/>
<securityPolicy>
<trustLevel name="Full" policyFile="internal" />
<trustLevel name="High"
policyFile="web_hightrust.config" />
<trustLevel name="Medium"
policyFile="web_mediumtrust.config" />
<trustLevel name="MediumEx"
policyFile="web_extra_mediumtrust.config" />
<trustLevel name="Low"
policyFile="web_lowtrust.config" />
<trustLevel name="Minimal"
policyFile="web_minimaltrust.config" />
<trustLevel name="MySpecialConfig"
policyFile="MySpecialConfig.config" />
</securityPolicy>
<trust level="MySpecialConfig" originUrl="" />
</system.web>
</location>

but it doesn't do what I want... Either every site goes to "full trust"
or to the "MySpecialConfig" trust config

Can somebody tell me where I make mistakes?

Thanks and sorry for terrible English

 
 
 
 
 
Dominick Baier
Guest
Posts: n/a
 
      08-30-2007
specify the full path to the site/app

e.g.

<location path="Default WebSite">

or

<location path="Default WebSite/App1">



-----

Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Application pool 1: Environment for customers has to
>



 
 
 
 
 
bruttogatto@gmail.com
Guest
Posts: n/a
 
      08-31-2007
On 30 Aug, 19:44, Dominick Baier
<dbaier@pleasepleasenospam_leastprivilege.com> wrote:
> specify the full path to the site/app
>
> e.g.
>
> <location path="Default WebSite">
>
> or
>
> <location path="Default WebSite/App1">
>
> -----


let me try to be more accurate

I don't want to give a different trust level to a WEB APPLICATION but
to an APPLICATION POOL

Something like:

<location path="DefaultAppPool">
.....
</location>

and

<location path="Utilities">
.....
</location>

I hope it's possible... I can't create so many configurations (always
the same config) for each website in my shared webserver

Thanks for reply

 
 
Dominick Baier
Guest
Posts: n/a
 
      08-31-2007
you cannot do that for an app pool. Only for sites and apps.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> On 30 Aug, 19:44, Dominick Baier
> <dbaier@pleasepleasenospam_leastprivilege.com> wrote:
>> specify the full path to the site/app
>>
>> e.g.
>>
>> <location path="Default WebSite">
>>
>> or
>>
>> <location path="Default WebSite/App1">
>>
>> -----
>>

> let me try to be more accurate
>
> I don't want to give a different trust level to a WEB APPLICATION but
> to an APPLICATION POOL
>
> Something like:
>
> <location path="DefaultAppPool">
> ....
> </location>
> and
>
> <location path="Utilities">
> ....
> </location>
> I hope it's possible... I can't create so many configurations (always
> the same config) for each website in my shared webserver
>
> Thanks for reply
>
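
Added example, not part of the original thread and not code from either poster: a small Python check over a root web.config that lists which trust level each `<location>` assigns, resolves the level a given site/app would get, and flags a `path` that names no IIS site (for instance an application pool name) or a restricted level left overridable. The site names, the sample config and the longest-prefix matching are assumptions made for illustration; the matching is a simplified model of how ASP.NET applies `<location>` paths.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a locked default for every site, one exception addressed
# by site name ("AdminService"), and one addressed by an app pool name
# ("Utilities"), which is the mistake discussed in the thread.
SAMPLE = """<configuration>
  <location allowOverride="false">
    <system.web><trust level="MySpecialConfig" originUrl="" /></system.web>
  </location>
  <location path="AdminService" allowOverride="false">
    <system.web><trust level="Full" originUrl="" /></system.web>
  </location>
  <location path="Utilities" allowOverride="true">
    <system.web><trust level="Full" originUrl="" /></system.web>
  </location>
</configuration>"""

def trust_rules(xml_text):
    """Return (path, level, locked) for every <location> that sets <trust>."""
    rules = []
    for loc in ET.fromstring(xml_text).iter("location"):
        trust = next(loc.iter("trust"), None)
        if trust is not None:
            locked = loc.get("allowOverride", "true").lower() == "false"
            rules.append((loc.get("path", ""), trust.get("level"), locked))
    return rules

def effective_trust(rules, app_path):
    """Simplified model: the longest location path that prefixes app_path wins."""
    best, target = None, app_path.lower()
    for path, level, locked in rules:
        p = path.lower()
        hit = p == "" or target == p or target.startswith(p + "/")
        if hit and (best is None or len(path) >= len(best[0])):
            best = (path, level, locked)
    return best

def audit(rules, site_names):
    """Flag paths that name no site, and restricted levels left overridable."""
    known = {s.lower() for s in site_names}
    findings = []
    for path, level, locked in rules:
        if path and path.split("/")[0].lower() not in known:
            findings.append((path, "path matches no site name"))
        if level != "Full" and not locked:
            findings.append((path, "restricted trust can be overridden"))
    return findings
```

In this model the pathless, locked `<location>` already covers every customer site, so only the administrative site needs its own entry, addressed by its site/app path.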



 